ISC Bind: Difference between revisions
No edit summary |
(→Config) |
||
| (7 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
== | =Summary= | ||
ISC BIND (Berkeley Internet Name Domain) is one of the most widely used Domain Name System (DNS) server software packages. It is developed and maintained by the Internet Systems Consortium (ISC) and provides authoritative DNS services for mapping domain names to IP addresses and vice versa. BIND is used by many organizations, from small businesses to large-scale service providers, to implement DNS resolution and zone management. | |||
=Configuration= | |||
===Check Config=== | ===Check Config=== | ||
| Line 6: | Line 10: | ||
named-checkconf /etc/named.conf | named-checkconf /etc/named.conf | ||
==Zones== | |||
===Reload All Zones From Config=== | |||
rndc reload | |||
===Reload A Specific Zone=== | |||
rndc reload [zonename] | |||
===Check A Zone's Status=== | |||
rndc zonestatus [zonename] | |||
===Remove A Zone From Service=== | |||
''(just unloads zone from memory; doesn't delete the zone from config)'' | |||
rndc delzone [zonename] | |||
===Add A Zone=== | |||
*(zone must have been loaded from config already)* | |||
rndc addzone [zonename] | |||
==Cache== | ==Cache== | ||
| Line 25: | Line 55: | ||
rndc flushname website-to-flush.com internal | rndc flushname website-to-flush.com internal | ||
= | =Windows AD Dynamic Updates= | ||
Use these configurations to configure BIND to allow dynamic updates from Windows AD servers. | |||
==ACL== | |||
This makes later config easier, if you have more than one domain controller. | |||
acl "DOMAIN-CONTROLLERS" { | |||
10.144.30.101; // DC1-dave | |||
10.144.35.2; // DC2-dave | |||
10.150.30.5; // DC-jim | |||
}; | |||
== | ==Zone Delcarations== | ||
===Master Config=== | |||
=== | |||
zone "_msdcs.lambnet.us" IN { | |||
type master; | |||
file "dynamic/_msdcs.lambnet.us"; | |||
allow-update { DOMAIN-CONTROLLERS; }; | |||
}; | |||
zone "_sites.lambnet.us" IN { | |||
type master; | |||
file "dynamic/_sites.lambnet.us"; | |||
allow-update { DOMAIN-CONTROLLERS; }; | |||
}; | |||
zone "_tcp.lambnet.us" IN { | |||
type master; | |||
file "dynamic/_tcp.lambnet.us"; | |||
allow-update { DOMAIN-CONTROLLERS; }; | |||
}; | |||
zone "_udp.lambnet.us" IN { | |||
type master; | |||
file "dynamic/_udp.lambnet.us"; | |||
allow-update { DOMAIN-CONTROLLERS; }; | |||
}; | |||
===Slave Config=== | |||
zone "_msdcs.lambnet.us" IN { | |||
type slave; | |||
masters { 10.144.30.4; }; | |||
file "dynamic/_msdcs.lambnet.us"; | |||
allow-update-forwarding { DOMAIN-CONTROLLERS; }; | |||
}; | |||
zone "_sites.lambnet.us" IN { | |||
type slave; | |||
masters { 10.144.30.4; }; | |||
file "dynamic/_sites.lambnet.us"; | |||
allow-update-forwarding { DOMAIN-CONTROLLERS; }; | |||
}; | |||
zone "_tcp.lambnet.us" IN { | |||
type slave; | |||
masters { 10.144.30.4; }; | |||
file "dynamic/_tcp.lambnet.us"; | |||
allow-update-forwarding { DOMAIN-CONTROLLERS; }; | |||
}; | |||
zone "_udp.lambnet.us" IN { | |||
type slave; | |||
masters { 10.144.30.4; }; | |||
file "dynamic/_udp.lambnet.us"; | |||
allow-update-forwarding { DOMAIN-CONTROLLERS; }; | |||
}; | |||
==Logging== | |||
channel update-log { | |||
file "/var/log/named/named.update" versions 5 size 5m; | |||
severity info; | |||
print-category yes; | |||
print-severity yes; | |||
print-time yes; | |||
}; | |||
category update { update-log; }; | |||
Latest revision as of 22:24, 21 January 2025
Summary
ISC BIND (Berkeley Internet Name Domain) is one of the most widely used Domain Name System (DNS) server software packages. It is developed and maintained by the Internet Systems Consortium (ISC) and provides authoritative DNS services for mapping domain names to IP addresses and vice versa. BIND is used by many organizations, from small businesses to large-scale service providers, to implement DNS resolution and zone management.
Configuration
Check Config
No output is good output ;)
named-checkconf /etc/named.conf
Zones
Reload All Zones From Config
rndc reload
Reload A Specific Zone
rndc reload [zonename]
Check A Zone's Status
rndc zonestatus [zonename]
Remove A Zone From Service
(just unloads zone from memory; doesn't delete the zone from config)
rndc delzone [zonename]
Add A Zone
- (zone must have been loaded from config already)*
rndc addzone [zonename]
Cache
Flush cache of a domain and all its subdomains
rndc flushtree name [view]
Example:
rndc flushtree website-to-flush.com internal
Flush cache of a domain
rndc flushname name [view]
Example:
rndc flushname website-to-flush.com internal
Windows AD Dynamic Updates
Use these configurations to configure BIND to allow dynamic updates from Windows AD servers.
ACL
This makes later config easier, if you have more than one domain controller.
acl "DOMAIN-CONTROLLERS" {
10.144.30.101; // DC1-dave
10.144.35.2; // DC2-dave
10.150.30.5; // DC-jim
};
Zone Delcarations
Master Config
zone "_msdcs.lambnet.us" IN {
type master;
file "dynamic/_msdcs.lambnet.us";
allow-update { DOMAIN-CONTROLLERS; };
};
zone "_sites.lambnet.us" IN {
type master;
file "dynamic/_sites.lambnet.us";
allow-update { DOMAIN-CONTROLLERS; };
};
zone "_tcp.lambnet.us" IN {
type master;
file "dynamic/_tcp.lambnet.us";
allow-update { DOMAIN-CONTROLLERS; };
};
zone "_udp.lambnet.us" IN {
type master;
file "dynamic/_udp.lambnet.us";
allow-update { DOMAIN-CONTROLLERS; };
};
Slave Config
zone "_msdcs.lambnet.us" IN {
type slave;
masters { 10.144.30.4; };
file "dynamic/_msdcs.lambnet.us";
allow-update-forwarding { DOMAIN-CONTROLLERS; };
};
zone "_sites.lambnet.us" IN {
type slave;
masters { 10.144.30.4; };
file "dynamic/_sites.lambnet.us";
allow-update-forwarding { DOMAIN-CONTROLLERS; };
};
zone "_tcp.lambnet.us" IN {
type slave;
masters { 10.144.30.4; };
file "dynamic/_tcp.lambnet.us";
allow-update-forwarding { DOMAIN-CONTROLLERS; };
};
zone "_udp.lambnet.us" IN {
type slave;
masters { 10.144.30.4; };
file "dynamic/_udp.lambnet.us";
allow-update-forwarding { DOMAIN-CONTROLLERS; };
};
Logging
channel update-log {
file "/var/log/named/named.update" versions 5 size 5m;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category update { update-log; };